CIS Controls

Evaluate your cyber security with NFIR's tools and improve through a personalized roadmap based on CIS Controls.
NFIR beeldmerk kleur
NFIR beeldmerk kleur

CIS Controls

Evaluate your cyber security with NFIR's tools and improve through a personalized roadmap based on CIS Controls.

Our working method

Many companies today still struggle with their security. They want to know where they stand and what they can do to take their cyber security to the next level. Working with these issues, NFIR developed a tool that not only looks at the current status of cyber security, but also helps you formulate steps you need to take to take your cyber security to the next level.

Intrusion Detection and Vulnerability Scans

The first step is an inventory of what the as an organization is already doing and what is missing. We test this against CIS, the Center for Internet Security. CIS is a community-driven nonprofit organization responsible for the CIS Controls and CIS Benchmarks, globally recognized best practices for securing IT systems and data.

Who do we offer Security Monitoring to?

Once you know where you stand, the journey actually begins. To take your cyber security to the next level and eliminate potential threats, it is important to know what steps to take. NFIR’s tool will help you create a roadmap, making it clear to you what you can do.

  • Fase 1: Inventarisatie en assessment

    Op basis van beschikbare informatie en interviews krijgen we inzicht in het huidige beleid en reeds genomen maatregelen.

  • Fase 2: Vastleggen van het securitybeleid

    Met onze tool bepalen we waar u nu staat, wat uw organisatie al aan securitymaatregelen heeft genomen en wat er nog ontbreek. Hierin wordt er gemeten tegen een gemiddelde van de industrie waarin u zich bevindt.

  • Fase 3: Analyse en prioritering van nog te nemen maatregelen

    Onze tool bepaald een stappenplan voor uw organisatie om direct aan de slag te kunnen. De berekening van dit stappenplan houdt rekening met allerlei factoren, zoals kosten, complexiteit maar ook het normenkader van ISO en securitymaatregelen.

  • Fase 4: Rapportage, overdracht en oplevering CSAT tool

    U ontvangt een rapportage met de belangrijkste bevindingen van dit adviestraject. Vervolgens wordt de tool overgedragen aan uw organisatie, zodat u deze zelf in gebruik kunt nemen. U krijgt een eigen CSAT-omgeving zodat u ook uw voortgang kunt bijhouden en inzichtelijk hebt wat de te nemen stappen zijn in de juiste volgorde.

An enterprise-specific security roadmap

The list generated by our tool can be seen as a security policy roadmap. Because the tool takes into account your current status and where you want to go, this roadmap is unique and applicable specifically to your organization. The tool is then transferred to you, allowing you to get started on the advice immediately. It is also possible to track the steps you take in the tool. This makes it easy to show where you are, what steps you still need to take and where you want to go.

CIS Controls and CIS Benchmarks.

Security Information and Event Management (SIEM) and Security Operation Center (SOC) incorporated into a complete Security Monitoring service. A fully automated solution where your organization no longer needs to interpret data and is completely unburdened.

CSAT puts you more in control on the total security policy, which allows you to reference CSAT from ISMS. A mapping is present between the CIS Controls and the ISO 27001.

NFIR produces a report containing the weighted list of recommendations, a proposed roadmap. In addition, you get standard 2-year access to the online environment to track progress. During these 2 years we make 2 more appointments to see how things are going and answer any questions.

NFIR has been a partner of CIS for many years, which is why we use CIS Controls v8 to complete the tool.

NFIR’s security monitoring specialists are working on the development of the Insights platform every week. They process the information from devices in your network and analyse it using machine learning and proven detection rules.

By default, we assume a number of on-site sessions that can be scheduled by mutual agreement. After that, it takes about 4 weeks to make the report.

In most cases, yes. Security is such a vast field that by using an internationally recognized framework, there is a clearer picture of how well you are really doing. This will give you insight into whether you have covered all facets of cyber security, where any weaknesses are and how to strengthen them.